FCW : September 15, 2014
CIO Perspective

Online privacy: It’s time for a new security paradigm

Trust management enforces granular privacy, security and organizational policies for gathering and protecting personally identifiable information

BY RICHARD A. SPIRES

Internet use across industries such as government, health care, retail, education and finance relies on the ability to access personally identifiable information (PII) scattered across different applications and organizations. Further, the proliferation of software-as-a-service models and online platforms is further dispersing our personal data.

Yet as evidenced by a number of high-profile data breaches in the past few months — and, based on Verizon’s 2014 Data Breach Investigations Report, the number of data breaches is growing — the current need to protect our PII exceeds the capabilities of existing security, privacy and interoperability technologies. Meanwhile, data breaches and resultant identity theft are imposing enormous societal economic costs and personal hardship for individuals who have had their PII compromised.

Fragmentation of online identity means that we as online users are forced to struggle with proliferating accounts and passwords. And we are regularly required to reveal sensitive information about ourselves and repeatedly enter the same information to create accounts that establish new, disparate online identities.

That approach wastes time, undermines privacy and further exposes us to identity theft. Perhaps worse, we must rely on websites and online service providers to protect our privacy and security, whether we want to trust those organizations or not.

In addition, the shortcomings of existing online security models limit organizations from using their most valuable data, which also tends to be their most sensitive data, for online, real-time business processes. Furthermore, organizations and online service platforms are burdened with storing our PII, which they then must protect to try to guard against unauthorized data disclosure.

Now extend those issues to the burgeoning Internet of Things. How can we protect and ensure that the control and use of devices connected online have not been compromised? How comfortable are we with having devices that can affect human safety controlled via the Internet?

Today’s enterprise-based approaches — which involve each organization developing its own identity, security and privacy architecture — cannot meet those challenges. Point-to-point integrations across organizational boundaries are difficult at best and do not easily scale up to interact with more organizations, which is particularly troublesome for regulated data such as medical, educational or financial records.

Verifying authorization requires matching our online identity with the identity attributes in the records being requested, or verifying that the user has a relationship with the subject of the records (e.g., the user is the custodial parent of a child) or has an affiliation with an organization (e.g., is the principal of the school where the child is enrolled). That typically involves matching our identities and relationships with the subjects of records across multiple organizations and applications, each of which often has its own identity models and security policies.

Compounding the challenge is the fact that verifying identity, relationships and authorization typically involves evaluating sensitive and proprietary

Richard A. Spires has been in the IT field for more than 30 years, with eight years in federal government service. Most recently, he served as CIO at the Department of Homeland Security. He is now CEO of Resilient Network Systems.